+0.00(+0.16%)

How to keep your data safe while holiday shopping

Getty Images. Phishing attempts, malicious downloads and other fraud attempts spike during the holiday season. How to shop safely.

In the run-up to Black Friday weekend, make sure to fraud-proof your holiday shopping plans.

Retail sales this November and December are expected to tally $655.8 billion, up 3.6 percent from last year, according to the National Retail Federation. Nearly half of the average shopper's $998 budget will be spent online, according to Deloitte – including 35 percent via a personal computer, 7 percent via a smartphone and 5 percent via a tablet.

Tech-heavy shopping habits make a tempting target for thieves looking to snag your personal or financial data, security experts say. Between Thanksgiving and Christmas last year, the average daily number of malware infections was up 84 percent compared to a month earlier, according to data from Enigma Software Group.

"This is the time of year to be that extra bit vigilant, that extra bit cautious," said Geoff Webb, vice president of strategy for information technology firm Micro Focus.

Here's how to keep your data safe:

One in five consumers has made a purchase on their phone over an unsecured WiFi connection, and 15 percent have conducted other financial transactions like online banking or bill pay, according to a survey conducted by Harris Poll on behalf of University of Phoenix. The survey polled 2,235 U.S. adults in late September.

Use your cellular network instead for such transactions, said Kirsten Hoyt, academic dean for the College of Information Systems and Technology at University of Phoenix. "Those open public WiFi networks open you up to a lot of risk," she said.

It's not unusual to see hackers create rogue networks with names similar to that of a nearby business, to snare unsuspecting consumers. Even if the network is legit, there's no guarantee it's secure. Thieves could intercept data like your account login or credit card number.

Would-be thieves are sending more realistic phishing emails in the guise of holiday sale mail from retailers, purchase confirmations and shipping updates, said Stan Black, chief security officer for software company Citrix. Clicking on a shortened link in an email could send you to a spoofed site intended to collect personal data, or trigger a malicious download.

"Any communication you see that is too good to be true, is," said Black.

Keep emails related to legit holiday transactions in a separate folder so you can more easily recognize say, a faux shipping notification. When in doubt, open a new window and type in the shipper, bank or retailer's web address to check up on a sale or purchase, he said.

Consider the security of a transaction, especially when you're shopping with an unfamiliar web retailer. "Do some research on any vendor you're going to exchange money with," said Mat Gangwer, chief technology officer for Rook Security.

As you're checking out, look for an "https" or a lock symbol – or both – at the start of the site web address, indicating a secure connection, he said.

If the site requires you to create an account to complete a purchase, pick a unique password instead of recycling one you use elsewhere, Webb said. That keeps thieves from using one compromised account to crack your email, bank account or other retail log-ins.